PAUL SCHINDLER: How do you determine that it’s a hoax? How hard is it to ensure that a virus belongs on the hoax page, and not in the lab with an effort to cure it?
ALEX HADDOX: Generally, it is immediately apparent. The characteristics ascribed to these so-called viruses in the virus hoaxes ... we can tell immediately that it is impossible for them to take effect. Virus hoaxes target the fears of the users, which don’t necessarily hold up under technical scrutiny. It is impossible for a virus to physically damage any hardware. So that a virus-alert message that comes in and says it will melt your hard drive, or cause your platters to spin out of control, or short-circuit your monitor, or put water into your [central processing unit], that immediately says it is a hoax.

Or if the message says to spread this message to as many people as possible. If it just contains those two things, destruction of hardware and spread and trade this message to everyone you know, immediately, pretty much, you know it is a hoax. It takes about 30 seconds.

There are some that are a little bit more difficult, but after about an hour’s worth of research we can determine whether it is a hoax. Maintaining the page is very, very easy.

SCHINDLER: Please delve into the psychology of people who spread virus hoaxes. Why do they do it? Is it the same as virus authors?
HADDOX: The people who write virus hoaxes have a malicious streak, just as a virus writer might have. The difference is that the virus writer, who writes Trojan horses or some other kind of malicious application, has some kind of talent. They can actually program.

We see the virus hoax writers as having the same kind of malicious intent, but not having the skill to actually code a real virus. Kind of a wannabe.

SCHINDLER: How can people avoid being hoaxed?
HADDOX: Check the Symantec Antivirus Research Center (SARC) hoax page, at www.symantec.com/avcenter/hoax.html. There is also a link from the SARC home page at www.sarc.com.

SCHINDLER: If you get a message from a friend about a virus, what are the odds it is a hoax?
HADDOX: If you get a message from a friend about a virus alert, I can pretty much guarantee it is a hoax.

SCHINDLER: How is that? Don’t people sometimes share real information with each other about real viruses?
HADDOX: They do. But unless it comes from a bona fide source, like Symantec [it probably isn’t real.] We have a monthly newsletter with a lot of information about viruses and what’s going on with technology. We also create profiles.

But one thing we are very careful of -- extremely careful of -- is to not send out inflammatory alerts, because we are like the CDC [U.S. Center for Disease Control in Atlanta]. If they say there’s a massive outbreak of this virus in eastern Canada, it would cause a panic in that region.

We have to have the same kind of restraint and careful wording in the alerts, such that we won’t cause hysteria and panic. We are very sensitive to that. These hoaxes are blatantly inflammatory. "The end of the world will come as a result of this virus. All the computers across the United States will be brought to their knees. You have to send this message out to as many people as possible and protect all your friends." That’s extremely inflammatory, and something no bona fide researcher in the industry would ever do.

SCHINDLER: But sometimes there have been widespread civilian alerts, as with Microsoft Word macro viruses.
HADDOX: Yes, but those warnings are very specific, the wording is very careful, so that the technical information is provided. It is not designed to cause any fear. These alerts very much are. And one thing we would never say is send this message on to everyone you know. If that appears in a virus alert, it is pretty much guaranteed a virus hoax. That’s how they spread, by saying "spread this to everyone you know."

SCHINDLER: How do you create the hoax page?
HADDOX: We got involved in virus hoaxes immediately when they started coming around. The first big one was Good Times, back in early 1992, started by a couple of pranksters from America Online. There have been hoaxes about various parts of the computer industry for years.

As virus experts, people would come to us and ask if we had detection/repair for this virus, and we’d say, "It’s a hoax." They’d say "What’s a hoax?" After enough of these viruses started coming around, it became very apparent to us that these were becoming a problem, so we built a dedicated page to debunk the virus hoaxes.

SCHINDLER: What is the pace of virus creation, and how long does it take you to cure it?
HADDOX: There are 10 to 15 new ones a day. Depending on the complexity of the virus, it can take five minutes to a full day to develop detection and repair. We have many sources. We get direct submissions from our customers, corporate and end users. We have library exchanges set up with our direct competitors, as well as with certification organizations and third parties.

We also have our own tools that we use that go out on the Internet and randomly scan and download files from the Internet, looking for viruses. We call that our Seeker Project.

SCHINDLER: Have you ever had an infected computer in the virus lab? Has a virus ever escaped?
HADDOX: No virus has ever escaped the lab. We take extreme precautions. There are no external connections inside the lab. It is a self-contained area. Only members of the research team have access to the lab. Not even a cleaning crew can come in.

Also, we have a policy that once media is introduced into the lab, it never leaves. I call it the Roach Motel of computer viruses. So disks come in, but they never go out. And then when the disks do pile up in the research center, we have bins that we put them into. We have a security company come in, they shred the material. We escort them down to the back of this truck, which has an industrial-grade shredder on it. We watch them pour all the disks into the shredder. It ends up looking like confetti. We get a certificate of destruction.